Virtually all enterprises have some form of crisis management plan in place. Yet simply creating a crisis management program isn’t enough. What’s often more important are the unwritten rules that help ensure the program is executed effectively when crisis hits.
Whether you’re facing a data breach, a production outage, or a cloud misconfiguration gone wrong, how you manage a crisis can make or break the trust in your team and your technology, says Trevor Young, chief product officer at cybersecurity technology and services provider Security Compass. “I’ve seen how critical crisis management is across all domains — especially as systems become more complex and threats more dynamic.”
But no matter how comprehensive and detailed your organization’s crisis management plan is, it won’t go smoothly under duress if you can’t lead through crisis. Here are seven fundamental rules for navigating your organization out of a bad situation quickly and with minimal damage.
Rule 1: Resilience requires calm — but not silence
Your first move shouldn’t be panic-fixing everything in silence, Young says. “You need to let people know what’s going on, including your team, your leadership, and sometimes even your customers.” Keeping everyone in the loop calms nerves and builds trust.
Silence makes everything worse, Young warns. When people aren’t sure what’s happening, they assume the worst. “This leads to confusion, bad decisions, and a lot of finger-pointing,” he explains. “Offer clear, honest updates — even if you don’t have all the answers — and keep everyone focused and working together.”
Rule 2: A proactive mindset sets the stage for collective learning
Confusion is contagious. “Providing clarity about what’s known, what matters, and what you’re aiming for, stabilizes people and systems,” says Leila Rao, a workplace and executive coaching consultant. “It sets the tone for proactivity instead of reactivity.”
Simply treating symptoms will make the problem worse, Rao warns. “Misinformation spreads, trust erodes, and well-intentioned responses become counterproductive.”
Crisis is complexity on steroids, Rao observes. “When we center people, welcome multiple perspectives, and make space for emergence, we move from crisis management to collective learning.”
Rule 3: Communication makes teams solution-oriented
Whether it’s a service outage, security incident, or delivery delay, a closed-door response breeds mistrust, says Antony Marceles, a technology consultant and founder of software staffing firm Pumex. “The faster you acknowledge an issue and lay out next steps, the more credibility you’ll preserve, even if the situation itself is still evolving.”
Implementing openness requires building muscle before the crisis hits, Marceles says. “At Pumex, we’ve created internal escalation protocols, client communication templates, and even dry-run drills for different types of incidents,” he says. “When the pressure is on, the last thing you want is having to figure things out on the fly.” Marceles adds that loss of trust is the biggest risk. “In the services industry, once that’s gone, it’s incredibly hard to earn back.”
Transparent communication not only calms nerves, but it also positions your team as trustworthy and solution-oriented, Marceles says. “It creates space for collaboration instead of blame.” He recalls that early and honest communication during a recent vendor-related outage actually strengthened one client relationship. “That’s because we were upfront, responsive, and visible throughout.”
Rule 4: Transparency and head-on response foster much-needed trust
Immediate transparency and rapid, informed response form the cornerstone of successful crisis management, says Hiren Hasmukh, CEO and founder of IT asset management technology provider Teqtivity.
You can’t hide from a crisis, and attempting to do so only compounds the damage, Hasmukh warns. “Clear visibility into what happened allows you to respond effectively and maintain stakeholder trust during challenging times.” Organizations that delay acknowledging issues inevitably face greater scrutiny and damage than those that address situations head-on.
Trust is incredibly fragile during a crisis, Hasmukh observes. Competitors are watching how you respond in difficult moments, he notes. “These situations define your company’s character more than the good times do.” Transparency demonstrates integrity while also providing the information needed to address the situation properly.
Ensure that your teams have the tools needed to quickly gather accurate information about your environment, Hasmukh advises. “Most important, build a company culture that values honesty.” When a crisis strikes, people fall back on established communication patterns. “Your response will naturally align with best practices if those patterns already include transparency.”
Rule 5: Stressed teams seek strong leadership
In a crisis, the team will always follow the tone and behavior of the CIO, says Matthew Oleniuk, an independent project risk analyst. “Being calm and credible at the outset of the crisis will set the stage for successful tactics later.”
If there’s no trust in the leader’s decision-making stability, panic will fill the gap, Oleniuk states. Team members will then select their own priorities. “Misinformation will spread, and … confusion will take hold of the entire department.” All these factors will lead to a second internal — and perhaps even more extreme — crisis.
People won’t trust the crisis playbook unless they trust the voice delivering it, Oleniuk says. Even the best teams may collapse under poor, in-the-moment crisis leadership.
Rule 6: Prepared organizations execute better under pressure
Know who will do what before a crisis hits, recommends Nick Nolen, vice president of cybersecurity strategy and operations at managed cybersecurity provider Redpoint Cyber. In other words, you don’t want to be working out your chain of command while the clock is ticking.
“The best teams don’t just have a plan — they know the plan, practice it, and trust each other to execute under pressure,” Nolen says. When things go sideways, clarity is everything. “Confusion burns time,” he adds. In security, time is money, reputation, and, in many instances, compliance. “A clear playbook and defined roles reduce the noise and help teams act with focus.”
Keep the plan simple and make it a routine, Nolen suggests. “Assign roles clearly, revisit them often, and practice regularly.” Full tabletop exercises are great, but even a quick “what-if” discussion in a weekly meeting can build muscle memory. “I’ve seen teams freeze or trip over each other because no one knew who had the authority to act.” The resulting delay then opens the door to greater damage, miscommunication, and even negative regulatory consequences. “You only get one shot to respond well; don’t waste it trying to figure out who’s in charge.”
Crisis response is a team sport, Nolen states. Tools help, but people make or break the outcome. “Give your team clarity,” he observes. “Give them training and, most important, give them the confidence that when they act, leadership will provide support.”
Rule 7: Intelligence is an essential asset under duress
Act with intelligence, not just urgency, advises Jawahar Sivasankaran, president of cybersecurity management service provider Cyware. “This means that decisions made during a crisis must be grounded in real-time contextualized threat intelligence that feeds directly into automated or semi-automated response mechanisms,” he says, by way of example.
Acting without intelligence inevitably leads to missteps — whether it’s activating the wrong response plan or missing key indicators of potential compromises, Sivasankaran says. For example, a threat intelligence management platform, integrated with case management rules, will ensure clarity, precision, and speed, he explains. “It also enables teams to take informed actions that enrich cases with tactical, operational, and strategic intelligence in real-time.”
Sivasankaran recommends integrating cyber threat intelligence into incident response and case management workflows. “Build automation rules that map enriched threat intelligence to the appropriate playbooks — prioritized by criticality and business impact.” To gain greater visibility into emerging threats, he suggests deploying bidirectional sharing with trusted partners.
Ignoring intelligence-driven response inevitably leads to alert fatigue, wasted analyst hours, and inconsistent actions across teams, Sivasankaran warns. “Worse, it opens the door to delayed containment and communication, increasing the incident’s blast radius, both technically and reputationally.”